From 785186bf5a7251ba58c97397b98db348f595cdaa Mon Sep 17 00:00:00 2001 From: Trong Huu Nguyen Date: Thu, 10 Feb 2022 15:40:10 +0100 Subject: [PATCH] refactor: route errors should still log at least warning --- pkg/router/handler_callback.go | 10 +++------- pkg/router/handler_error.go | 6 +----- pkg/router/handler_frontchannellogout.go | 2 +- 3 files changed, 5 insertions(+), 13 deletions(-) diff --git a/pkg/router/handler_callback.go b/pkg/router/handler_callback.go index 874e16d..df4e5ba 100644 --- a/pkg/router/handler_callback.go +++ b/pkg/router/handler_callback.go @@ -7,7 +7,6 @@ import ( "net/http" "time" - "github.com/rs/zerolog" log "github.com/sirupsen/logrus" "golang.org/x/oauth2" @@ -20,12 +19,9 @@ func (h *Handler) Callback(w http.ResponseWriter, r *http.Request) { if err != nil { msg := "callback: fetching login cookie" if errors.Is(err, http.ErrNoCookie) { - msg += ": fallback cookie not found" - msg += "; user might have blocked all cookies or the callback route was accessed before the login route" - h.UnauthorizedWithLevel(w, r, fmt.Errorf("%s: %w", msg, err), zerolog.InfoLevel) - } else { - h.Unauthorized(w, r, fmt.Errorf("%s: %w", msg, err)) + msg += ": fallback cookie not found (user might have blocked all cookies, or the callback route was accessed before the login route)" } + h.Unauthorized(w, r, fmt.Errorf("%s: %w", msg, err)) return } @@ -38,7 +34,7 @@ func (h *Handler) Callback(w http.ResponseWriter, r *http.Request) { } if params.Get("state") != loginCookie.State { - h.Unauthorized(w, r, fmt.Errorf("callback: state parameter mismatch")) + h.Unauthorized(w, r, fmt.Errorf("callback: state parameter mismatch (possible csrf)")) return } diff --git a/pkg/router/handler_error.go b/pkg/router/handler_error.go index 81dbd3f..ad4ce2c 100644 --- a/pkg/router/handler_error.go +++ b/pkg/router/handler_error.go 
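Review bot: In `Callback` (pkg/router/handler_callback.go, hunk at -20,12) the `http.ErrNoCookie` branch can be reached by any unauthenticated request to the callback route, and it is now logged at the same warning level as every other cookie-fetch failure. Only the message text separates a cookie-less browser or scanner from a cookie that failed to load for another reason. A short comment would record that this is intentional, e.g. `// ErrNoCookie is reachable without authentication; logged at warning like any other 401, distinguishable only by its message`. If alerting is keyed on warning volume for this route, it is worth confirming how `respondError` emits the entry, which is not visible here. Callback's body starts before and continues past this hunk.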
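Review bot: The state check in `Callback` (pkg/router/handler_callback.go, hunk at -38,7) compares `params.Get("state")` with `loginCookie.State` using `!=`, so it also passes when both sides are empty. Whether the cookie's state can ever be empty is not visible in this hunk, but an explicit guard costs one condition: `if state := params.Get("state"); state == "" || state != loginCookie.State {`. Separately, the new message has no format verbs, so `errors.New("callback: state parameter mismatch (possible csrf)")` is the idiomatic form, and `errors` is already used in this file. The rest of Callback lies outside the hunk.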
@@ -95,9 +95,5 @@ func (h *Handler) BadRequest(w http.ResponseWriter, r *http.Request, cause error
 }
 
 func (h *Handler) Unauthorized(w http.ResponseWriter, r *http.Request, cause error) {
- h.UnauthorizedWithLevel(w, r, cause, zerolog.WarnLevel)
-}
-
-func (h *Handler) UnauthorizedWithLevel(w http.ResponseWriter, r *http.Request, cause error, level zerolog.Level) {
- h.respondError(w, r, http.StatusUnauthorized, cause, level)
+ h.respondError(w, r, http.StatusUnauthorized, cause, zerolog.WarnLevel)
 }
diff --git a/pkg/router/handler_frontchannellogout.go b/pkg/router/handler_frontchannellogout.go
index c6222da..9b934c2 100644
--- a/pkg/router/handler_frontchannellogout.go
+++ b/pkg/router/handler_frontchannellogout.go
@@ -28,7 +28,7 @@ func (h *Handler) FrontChannelLogout(w http.ResponseWriter, r *http.Request) {
 sessionID := h.localSessionID(sid)
 sessionData, err := h.getSession(r.Context(), sessionID)
 if err != nil {
- log.Infof("front-channel logout: getting session (user might already be logged out): %+v", err)
+ log.Warnf("front-channel logout: getting session (user might already be logged out): %+v", err)
 }
 
 err = h.destroySession(w, r, sessionID)
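Review bot: `Unauthorized` in pkg/router/handler_error.go is exported and now hard-codes the log level, but it has no doc comment saying so. Something like `// Unauthorized reports cause via respondError with status 401 at warning level.` would make that contract visible to callers. The hunk also removes the exported `UnauthorizedWithLevel`; the one caller shown in this commit was updated, but any others are not visible here, so a search for remaining uses is worth doing before merging.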
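Review bot: In `FrontChannelLogout` (pkg/router/handler_frontchannellogout.go) every `getSession` failure now produces the same warning, although the message itself says the common cause is a user who is already logged out. A missing session and a session-store failure call for different reactions, and only the second clearly merits a warning. If `getSession` exposes a not-found error (not visible in this hunk), branching on it with `errors.Is` and keeping the warning for the remaining errors would keep the signal usable. Execution also continues to `destroySession` after the failure and `err` is reassigned there, so this log line is the only record of the lookup error. The function body starts and ends outside the hunk.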